--------------
- Unhide Log -
--------------
Unhide by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Unhide.exe can be found at this link:
http://www.bleepingc...opic405109.html
Program started at: 09/12/2013 08:48:18 PM
Windows Version: Windows Vista
Please be patient while your files are made visible again.
Processing the C:\ drive
Finished processing the C:\ drive. 298115 files processed.
Processing the D:\ drive
Finished processing the D:\ drive. 11791 files processed.
The C:\Users\WORLWI~1\AppData\Local\Temp\smtmp\ folder does not exist!!
Unhide cannot restore your missing shortcuts!!
Please see this topic in order to learn how to restore default
Start Menu shortcuts: http://www.bleepingc...opic405109.html
Searching for Windows Registry changes made by FakeHDD rogues.
- Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
- Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
* DisableTaskMgr policy was found and deleted!
- Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop
* NoChangingWallPaper policy was found and deleted!
- Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
* Start_ShowHelp was set to 0! It was set back to 1!
* Start_ShowMyMusic was set to 0! It was set back to 1!
* Start_ShowMyPics was set to 0! It was set back to 1!
* Start_ShowPrinters was set to 0! It was set back to 1!
* Start_ShowRun was set to 0! It was set back to 1!
* Start_ShowSearch was set to 0! It was set back to 1!
* Start_ShowNetPlaces was set to 0! It was set back to 1!
* Start_ShowMyGames was set to 0! It was set back to 1!
Program finished at: 09/12/2013 09:24:52 PM
Execution time: 0 hours(s), 37 minute(s), and 0 seconds(s)
--------------------
- Malwarebytes Log -
--------------------
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 913091303
Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421
9/13/2013 1:55:03 AM
mbam-log-2013-09-13 (01-55-02).txt
Scan type: Quick scan
Objects scanned: 241229
Time elapsed: 22 minute(s), 52 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{CF190686-9E72-403C-B99D-682ABDB63C5B} (PUP.Optional.TopArcadeHits.A) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\LINKSWIFT (PUP.Optional.LinkSwift.A) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_CURRENT_USER\Software\LinkSwift\iid (PUP.Optional.LinkSwift.A) -> Value: iid -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
c:\Users\worlwidewandering\downloads\the_rifleman_season_2_secure.exe (PUP.Optional.Topmedia) -> Quarantined and deleted successfully.
c:\Users\worlwidewandering\downloads\movie_player_1280.exe (PUP.Optional.InstallIQ.A) -> Quarantined and deleted successfully.
c:\Users\worlwidewandering\downloads\vlcmediaplayer-setup.exe (PUP.DownloadAdmin) -> Quarantined and deleted successfully.